On May 14, 2019, Microsoft officially released a security patch that fixed a remote code execution vulnerability in Windows Remote Desktop Services (CVE-2019-0708) that affected some older versions of Windows. This vulnerability is unauthenticated and requires no user interaction, which means that this vulnerability can be exploited by means of a network worm. Any malware that exploits this vulnerability could spread from an infected computer to another vulnerable computer in a similar manner to the WannaCry malware.

After research and judgment, we confirmed that the vulnerability is serious, and it is recommended that the user immediately perform patch update processing.

Affected version

Windows 7

Windows Server 2008 R2

Windows Server 2008

Windows 2003

Windows XP

Unaffected version

Windows 8

Windows 10

Solution

The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Services disabled:

1. Disable Remote Desktop Services if they are not required.

If you no longer need these services on your system, consider disabling them as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.

We use cookies to ensure that we give you the best experience on our website. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on Read more information.OkPrivacy policy